What is the
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR), which applies starting 25 May 2018, creates consistent data protection rules across Europe. It applies to companies who are based in the EU and global companies who process personal data about individuals in the EU. It is one of the biggest legislative changes made since 1975 and could lead to fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater.
We’re excited to help our customers understand how we are approaching this.
“interworks.cloud has hugely invested in data protection over the years adopting privacy policies and processes which ensure that personal data enjoy a high standard of protection by maintaining the level of respect for fundamental rights; GDPR is approached as just an additional framework for improving the quality and quantity of the data by also avoiding potential duplications.”
Costas Flocas, DPO at interworks.cloud
How interworks.cloud is preparing for the GDPR?
Our updated Privacy and Personal Data Protection Policy is available and communicated within the organization and all interested parties.
Commitment to the delivery of Personal Data Protection extends to senior level and is demonstrated through the Personal Data Protection Programme and the provision of appropriate resources to establish and develop effective technical and organizational measures to ensure appropriate security for personal data.
We share a top-down approach, outlining the planning and executing phases to structure the approach to a compliance strategy; we define the key considerations for each of the phases, including objectives, participants, inputs, tasks and deliverables.
Top management ensures at all times that a systematic review of the performance of the programme is conducted on a regular basis, addressing whether objectives were met as well as any areas of concern that may require corrective actions.
The DPO, an independent advocate of personal data protection, plays a significant role in this programme, by ensuring compliance, giving advice and recommendations, identifying risks, auditing processes, handling requests and complaints and directing towards continuous improvement.
A risk management approach and process is used which is line with the requirements and recommendations of the GDPR and relevant international standards such as ISO/IEC 27001 which interworks.cloud is certified to.
Risk management takes place at several levels within the organization, including:
• Assessment of risks to the achievement of our personal data protection objectives
• Regular personal data protection risk assessment within specific operational areas
• Assessment of risk as part of the business change management process
• At the project level as part of the management of significant change, including Data Protection Impact Assessments (DPIAs)
What interworks.cloud is doing?
interworks.cloud as Data Controller vs Data Processor
We are the data controller when we decide the “purposes” and “means” of any processing of personal data.
Similar to what’s already in place for data protection law today, data controllers will have to adopt compliance measures to cover how data is collected, what it is being used for, how long it is being retained for and ensure that people have a right to access the data held about them.
We are the data processor when we process personal data on behalf of a data controller (platform customers)
Certain obligations now apply directly to data processors, and controllers must bind them to certain contractual commitments to ensure that data is processed safely and legally. When interworks.cloud is processing data as a data processor acting on your behalf, your business needs to have its own legal basis to process and share the data with us.
Privacy and Personal Data Protection Policy
For more information you can refer to our Privacy and Personal Data Protection Policy
If you have further questions please contact us
not as a comprehensive solution or legal advice. Each organisation should undertake their own steps to ensure